Bandwidth Problems
I am a website owner. This pass summer our bandwidth went from 1-2 GB of bandwidth to now 20GB of bandwidth. It seems to be climbing. Nothing as far as design has changed since January of this year.
Now I am all for more traffic to my site, but this seems extreme. Our website designer apparently dose not look into cpanel issues. His only response is to "Oh, more traffic? You need more bandwidth space."
I am semi tech savvy so I looked into cpanel AWStats. I found an IP address that has increasingly used alot of bandwidth. This month it is projected to use more than 7GB. This same IP address uses SQLMAP browser according to cPanels Latest Visitors the questionable IP Address User Agent is sqlmap/1.0-dev-nongit-20151007 (- Removed -). Something is terribly wrong with this but my web designer said "There is no spikes or robots or crazy activity." Also the "Dynamic PHP Script file" has used 7GB this month. Is that normal?
Can someone help direct me on how I can pinpoint my issue? Something just doesn't look right.
We are a small eCommerce business and over 20GB a month seems excessive.
-
Hello, I recommend blocking that IP address if it's using up that much bandwidth. You can block the IP address manually via the account's .htaccess file or using IP Blocker within cPanel: IP Blocker - Documentation - cPanel Documentation Thank you. 0 -
I have done that but what's stopping them from doing it again and again? It there some way to monitor IP addresses that appear to be malicious? Hello, I recommend blocking that IP address if it's using up that much bandwidth. You can block the IP address manually via the account's .htaccess file or using IP Blocker within cPanel:
0 -
I have done that but what's stopping them from doing it again and again? It there some way to monitor IP addresses that appear to be malicious?
The issue is better addressed with custom firewall rules or Mod_Security rules that block the user-agent. You may need to consider switching hosting providers if your current provider is unwilling to address the concern. Thank you.0 -
The issue is better addressed with custom firewall rules or Mod_Security rules that block the user-agent. You may need to consider switching hosting providers if your current provider is unwilling to address the concern. Thank you.
Can you expand on how to block user agents? After blocking this IP Address it came back today....same IP Address I denied. Obviously cPanel IP Denier is not working.0 -
Hello, You can find an example of the .htaccess rules to block a specific user-agent at: Block by useragent or empty referer Let us know if this helps. Thank you. 0 -
Hello, You can find an example of the .htaccess rules to block a specific user-agent at: Block by useragent or empty referer Let us know if this helps. Thank you.
Thank you for your reply. Just to let you know I have zero experience with manipulating the htaccess file. I would hate to mess something up. Is it as simple as copy and paste? For me what would I put as the user agent for this bot? Thank you.0 -
Thank you for your reply. Just to let you know I have zero experience with manipulating the htaccess file. I would hate to mess something up. Is it as simple as copy and paste? For me what would I put as the user agent for this bot? Thank you.
Could you post the contents of your .htaccess file as it exists now, ensuring to replace any real domain names or IP addresses with examples? Thank you.0 -
Could you post the contents of your .htaccess file as it exists now, ensuring to replace any real domain names or IP addresses with examples? Thank you.
1. I cannot see htaccess file in "File Manager". I can only access it through the "Legacy File Manager". Is that a problem? 2. There are two htaccess files. One is just .htaccess the other is .htaccesss-1404323084. Which do I edit? We have a mobile version of the website. 3. What type of encoding do I use to edit? In the regular .htaccess file it reads: 1 # Use PHP52 as default 2 AddHandler application/x-httpd-php52 .php 3 4 suPHP_ConfigPath /opt/php52/lib 5 6 In the ..htaccesss-1404323084 file it reads: 1 # Use PHP54 as default 2 AddHandler application/x-httpd-php54 .php 3 4 suPHP_ConfigPath /opt/php54/lib 5 6 The user agent on the bot is "sqlmap/1.0-dev-nongit-20151007 (sqlmap: automatic SQL injection and database takeover tool)"0 -
. I cannot see htaccess file in "File Manager". I can only access it through the "Legacy File Manager". Is that a problem?
In File Manager, you can utilize the "Settings" option in the upper-right hand section of the interface and enable the following option: Show Hidden Files (dotfiles). There are two htaccess files. One is just .htaccess the other is .htaccesss-1404323084. Which do I edit? We have a mobile version of the website.
Use .htaccess. The other looks like a backup of an older version.. What type of encoding do I use to edit? In the regular .htaccess file it reads: 1 # Use PHP52 as default 2 AddHandler application/x-httpd-php52 .php 3 4 suPHP_ConfigPath /opt/php52/lib 5 6
Add lines such as this after the last line and then save the changes:RewriteEngine on RewriteCond %{HTTP_USER_AGENT} sqlmap [NC] RewriteRule ^ - [F,L]
Thank you.0
Please sign in to leave a comment.
Comments
9 comments